You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have searched searched open and closed issues for duplicates.
I am using Signal-Desktop as provided by the Signal team, not a 3rd-party package.
Overall summary
Arch Linux is very far in implementing reproducible builds and has multiple independent groups that compare the official binaries with the binaries they compiled on their own computers.
This has been working fine for signal-desktop the last few years, today I noticed signal-desktop is currently listed as "not reproducible" on https://reproducible.archlinux.org/ (the instance that is run by Arch Linux staff):
The rebuilder has generated a semantic diff (although it doesn't understand .asar that well):
It seems storage.signal.org has changed from 142.250.74.115 to 142.250.181.211 (causing the 1 byte increase).
Embedding this kind of data is generally fine in Arch Linux, however could this file be attached to the github release as an artifact? The "official" dns-fallback.json is currently only available inside of the official signal-desktop .deb. :)
Currently these build instructions are used:
git lfs install
cd sticker-creator
yarn install
cd ..
yarn install --ignore-engines
I've setup a project that automatically extracts the official dns-fallback.json from updates.signal.org and makes it available on github as a release artifact:
Using a supported version?
Overall summary
Arch Linux is very far in implementing reproducible builds and has multiple independent groups that compare the official binaries with the binaries they compiled on their own computers.
This has been working fine for signal-desktop the last few years, today I noticed signal-desktop is currently listed as "not reproducible" on https://reproducible.archlinux.org/ (the instance that is run by Arch Linux staff):
The rebuilder has generated a semantic diff (although it doesn't understand .asar that well):
https://web.archive.org/web/20240311104937/https://reproducible.archlinux.org/api/v0/builds/594200/diffoscope
This might be somewhat difficult to read, most of the differences are an offset being off-by-one, but the first difference seems to be:
So the content of
dns-fallback.json
became 1 byte larger in the second build.Ater a quick search in the source code I found ts/scripts/generate-dns-fallback.ts which seems to define how this file is generated.
The content of
build/dns-fallback.json
as currently distributed by Arch Linux:It seems
storage.signal.org
has changed from142.250.74.115
to142.250.181.211
(causing the 1 byte increase).Embedding this kind of data is generally fine in Arch Linux, however could this file be attached to the github release as an artifact? The "official"
dns-fallback.json
is currently only available inside of the official signal-desktop .deb. :)Currently these build instructions are used:
Suggestions on how to edit this very welcome! 🫶
This is somewhat related to #6814.
Thanks!
Steps to reproduce
Expected result
Actual result
Screenshots
Signal version
7.1.1
Operating system
Arch Linux
Version of Signal on your phone
No response
Link to debug log
No response
The text was updated successfully, but these errors were encountered: